General
Target: New Order_Hwqa0192883.exe
Size: 1.5MB
Sample: 220705-n7fefsghen
MD5: 6a50ea3a64109270c92820c61f9194ad
SHA1: 8ff6b22a126c0c5014585d3c6baf45cbff9c567d
SHA256: 8bf3a6d4281caa9520340d186e314cd64b8986de1dfa306c9d256ffa0f4c06ab
SHA512: 1112af1c999fa5b950d988d62fd389dcfa4c08393be66a78cbf128b7ba282b203633d7ae1007c8cd093716cb94936b0f2fe54e53ed90e629fced2f0fcb8214a2
Static task: static1
Behavioral task: behavioral1
  Sample: New Order_Hwqa0192883.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Order_Hwqa0192883.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.putlock.co.uk
Port: 587
Username: garry@putlock.co.uk
Password: Puttflue94
Email To: jantonio.crystal.cfi@gmail.com
https://api.telegram.org/bot5502458727:AAFTUrq_Mr-3cF-XZNdwaOsYHT_Ur2vcW3E/sendMessage?chat_id=1530075292
Targets
Target: New Order_Hwqa0192883.exe
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext